Radware Survey Finds Majority of Companies Paid a Hacker’s Ransom Over the Past Year

MAHWAH, N.J., June 12, 2018 (GLOBE NEWSWIRE) — Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber-attack. This comes as technology and privacy concerns present greater challenges in improving overall security posture.

“A ransom payment may make the problem go away for now, but these types of responses won’t drive a business forward,” said Anna Convery-Pelletier, Chief Marketing Officer at Radware. “A reactionary security strategy limits an organization’s ability to secure customer data, protect their brand’s reputation, and achieve business goals. Investing in appropriate security solutions is no longer simply an IT expense, it is fundamental to a business’ long term success.”

According to the report, 69% of executives said that their company faced a ransom attack in the past year, compared with only 14% noting so in 2016. Meanwhile, two-thirds of executives (66%) report a lack of confidence in their network security, admitting their networks are penetrable by hackers.

Beyond more frequent ransom payments, organizations are facing significant consequences and concerns related to cyber-attacks. In a sign that consumers will not accept data breaches, 41% of executives noted their organization faced legal action from customers following a breach. At the same time, executives stated that their biggest concerns associated with cyber-attacks are customer loss (41%) and brand reputation loss (34%).

In the midst of all this, organizations still struggle to implement tools that would drastically improve their cybersecurity posture. While more than one in three (35%) executives noted that encrypted attacks would be detrimental to their organization, 41% reported that they continue to review the legalities of decrypting traffic on their network, a process needed to significantly reduce the threat of encrypted threats.

Have we reached an automation tipping point? The complexity of networks and changing attack vectors have led companies to invest in automated and machine-learning security tools. Over the past two years, 71% of executives report shifting network security spending to investments in automated security.

Gaps between clouds create major security risk. More than 90% of executives report using multiple public and private cloud environments as part of their companies’ IT infrastructure, and most companies host up to 50% of their business applications in the cloud. C-suite executives clearly understand that dispersing their network across multiple public and private clouds introduces security risks however. The vast majority of respondents (96%) are very or somewhat concerned about network vulnerabilities created by using multiple clouds.

“Businesses are trying to increase operational efficiency by moving to cloud infrastructure,” continued Convery-Pelletier. “Spreading apps across the cloud can increase network agility, improve scalability, and manage cost. However, most organizations only secure the individual cloud environments, and without looking at securing the network as a whole, they create gaps between the clouds.”

Executives reveal their most detrimental security threats: 38% of executives report daily or weekly attacks. Executives feared social engineering (38%), Ransomware (38%) and Malware (37%) as the most detrimental to their business, followed closely by IoT botnet powered DDoS attacks (35%), and Encrypted (35%) attacks.

Nation state attacks motivate security upgrades for American organizations. U.S. executives in particular were more likely than their peers in EMEA and APAC to say that attacks by nation-states have influenced security changes. More than half of U.S. executives pointed to nation-state threats as a motivator, while just 30% in the APAC region, and 41% in the EMEA region said so.

Companies react when peers are attacked. Approximately 61% of executives said that watching attacks on peer companies influenced their decision to change security policy. Almost as many, 59%, said attacks on their own organizations had prompted changes in their security posture.

The report provides a detailed analysis of the views and insights from more than 200 senior leaders at organizations across the globe. To read the full report on the survey’s findings, download it here.

Methodology:

On behalf of Radware, Merrill Research surveyed 232 executives from across the globe. To participate in the 2018 Executive Application & Network Security respondents were required to be a company with at least 250 million USD/EUR/GBP/RMB in revenue and hold a title of senior vice president level or higher. By design, the survey required at least half respondents to be C-level executives, though this year’s research attracted far more C-level corporate leaders. About half of the companies in the survey have 1,000 to 9,999 employees, averaging about 3,700. American respondents skewed highest in average number of employees at nearly 4,300.

THIS PRESS RELEASE REPORT AND SURVEY ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE’S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT OR FUTURE PERIOD.

Safe Harbor Statement This press release may contain statements concerning Radware’s future prospects that are “forward-looking statements” under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words “believes”, “expects”, “anticipates”, “intends”, “estimates”, “plans”, and similar expressions or future or conditional verbs such as “will”, “should”, “would”, “may” and “could” are generally forward-looking in nature and not historical facts. Because such statements deal with future events, they are subject to various risks and uncertainties and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; changes in the competitive landscape; inability to realize our investment objectives; timely availability and customer acceptance of our new and existing products; risks and uncertainties relating to acquisitions; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; Competition in the market for Application Delivery and Network Security solutions and our industry in general is intense; and other factors and risks on which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, reference is made to Radware’s Annual Report on Form 20-F, which is on file with the Securities and Exchange Commission (SEC) and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.